Microsoft Teams may have downplayed a disastrous security issue

  • Data Protection

    Microsoft Teams may have downplayed a disastrous security issue

    Posted by Nigel on 9 December 2020 at 1:41 pm

    Microsoft has been accused of downplaying the severity of a security issue found in its collaboration platform Teams, which was remedied quietly back in October.

    According to a report from security engineer Oskars Vegeris, the company failed to warn users of the problem and neither did it seek Common Vulnerabilities and Exposures (CVE) classification, on the grounds that Teams patches are installed automatically.

    Roughly one month after disclosure, the cross-site scripting (XSS) vulnerability was classified by Microsoft as “Important, Spoofing”, which Vegeris describes as “one of the lowest in-scope ratings possible”.

    However, the scope of potential attacks and the opportunity to access various different areas of the infected network means it demands a much higher threat rating, claims Vegeris.

    Microsoft caught lying about security breaches again! Surely not.

    ED7EC8CF-3A37-4832-B034-24F98A65E724
    Nigel replied 4 years ago 1 Member · 0 Replies
  • 0 Replies

Sorry, there were no replies found.

Log in to reply.

Start of Discussion
0 of 0 replies June 2018
Now

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .